EXPANDR-5778: Organizational scope searching for EC2 #31849
Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @YuvHayun will know the proposed changes are ready to be reviewed.
Hi @johnnywilkes, thanks for contributing to a Cortex XSOAR supported pack. To receive credit for your generous contribution please follow this link.
@melamedbn / @adi88d, this was opened to replace #31493
Not sure about the unit tests and how/if I need to resolve
Hi @johnnywilkes, Everything looks great. Can you just add the IPAM outputs? Best regards,
@melamedbn, I believe you are referring to outputting some of the IPAM information from the playbook, right? I can do this but would prefer not to as IPAM is really only the mechanism to determine the account/region/instanceID of the EC2 so we can pull additional information on the instance and security group. Therefore, we really care more about the instance/SG information and those should be the intended outputs.
Packs/AWS-Enrichment-Remediation/Playbooks/AWS_-_Enrichment.yml
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Great!
6c3ff97
into
demisto:contrib/PaloAltoNetworks_AWS-E+R-EXPANDR-5778-2
* EXPANDR-5778: Organizational scope searching for EC2 (#31849) * redo it all * packs ignore * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * bump ver * bump ver2 --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Bump pack from version AWS-Enrichment-Remediation to 1.1.12. * echo curl * revert * debug * print curl * print curl * revert --------- Co-authored-by: johnnywilkes <32227961+johnnywilkes@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com> Co-authored-by: Content Bot <bot@demisto.com> Co-authored-by: RotemAmit <ramit@paloaltonetworks.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com>
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
https://jira-dc.paloaltonetworks.com/browse/EXPANDR-5778
Description
The recommended way to search for an EC2 instance by public IP is called IPAM Public IP Insights (https://aws.amazon.com/about-aws/whats-new/2023/07/aws-public-ip-insights-vpc-ip-address-manager/), and it just got an API to access data (commands added in #31165). This PR increases the abilities of the AWS - Enrichment playbook to use the AWS IPAM Public IP Insights API to search for an IP address of an EC2 instance in the organization scope and to pull additional information on it.
Must have
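
The lookup the description outlines (public IP to account, region and instance ID, then on to the instance and its security groups), written here as an added Python example; it is not code from this PR or the playbook. It assumes the boto3 EC2 method `get_ipam_discovered_public_addresses` and its response field names; the function name, the stub client, the discovery ID placeholder and all sample records are constructed for illustration.

```python
"""Resolve a public IP to its owning account, region and EC2 instance via IPAM."""


def find_public_ip(ec2_client, discovery_id, regions, public_ip):
    """Search IPAM-discovered public addresses for public_ip.

    ec2_client: a boto3 EC2 client, or any object exposing the same method.
    Returns a dict for the first match, or None if no region knows the address.
    """
    for region in regions:
        token = None
        while True:  # follow NextToken until the region is exhausted
            kwargs = {"IpamResourceDiscoveryId": discovery_id, "AddressRegion": region}
            if token:
                kwargs["NextToken"] = token
            page = ec2_client.get_ipam_discovered_public_addresses(**kwargs)
            for rec in page.get("IpamDiscoveredPublicAddresses", []):
                if rec.get("Address") == public_ip:
                    return {
                        "account_id": rec.get("AddressOwnerId"),
                        "region": rec.get("AddressRegion", region),
                        # May be absent when the address is not attached to an instance.
                        "instance_id": rec.get("InstanceId"),
                        "security_group_ids": [g["GroupId"] for g in rec.get("SecurityGroups", [])],
                    }
            token = page.get("NextToken")
            if not token:
                break
    return None


class StubEC2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""
    PAGES = {
        ("us-east-1", None): {"IpamDiscoveredPublicAddresses": [
            {"Address": "198.51.100.7", "AddressOwnerId": "111111111111",
             "AddressRegion": "us-east-1"}], "NextToken": "p2"},
        ("us-east-1", "p2"): {"IpamDiscoveredPublicAddresses": [
            {"Address": "203.0.113.10", "AddressOwnerId": "222222222222",
             "AddressRegion": "us-east-1", "InstanceId": "i-0123456789abcdef0",
             "SecurityGroups": [{"GroupName": "web", "GroupId": "sg-0aaa1111bbbb2222c"}]}]},
        ("eu-west-1", None): {"IpamDiscoveredPublicAddresses": []},
    }

    def get_ipam_discovered_public_addresses(self, **kw):
        return self.PAGES[(kw["AddressRegion"], kw.get("NextToken"))]


if __name__ == "__main__":
    print(find_public_ip(StubEC2(), "ipam-res-disco-EXAMPLE",
                         ["eu-west-1", "us-east-1"], "203.0.113.10"))
```

The returned account, region and instance ID are what a follow-up describe call in the owning account would need; a `None` instance ID means there is no EC2 instance to enrich for that address.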